use etc-factory instead of tmpfiles

tmpfiles are too inflexible as it turns out

Fixes #261

build.sh

@@ -73,6 +73,10 @@ rm --recursive --force kde-linux-sysupdated
 git clone https://invent.kde.org/kde-linux/kde-linux-sysupdated
 DESTDIR=$PWD/mkosi.extra make --directory=kde-linux-sysupdated install
 
+rm --recursive --force etc-factory
+git clone https://invent.kde.org/kde-linux/etc-factory
+DESTDIR=$PWD/mkosi.extra make --directory=etc-factory install
+
 mkosi \
     --environment="CI_COMMIT_SHORT_SHA=${CI_COMMIT_SHORT_SHA:-unknownSHA}" \
     --environment="CI_COMMIT_SHA=${CI_COMMIT_SHA:-unknownSHA}" \

mkosi.extra/usr/lib/systemd/system-preset/50-kde-linux.preset

@@ -29,6 +29,8 @@ enable kde-linux-live-setup.service
 enable kde-linux-volatile-var-lib-flatpak.service
 enable plasma-setup-live-system.service
 enable var-lib-snapd-snap.mount
+# also one of ours but not prefixed with kde-linux- so others can use it too
+enable etc-factory.service
 
 # networkd - we use networkmanager
 disable systemd-networkd-wait-online.service

mkosi.extra/usr/lib/systemd/system/local-fs-pre.target.wants/etc-factory.service

@@ -0,0 +1 @@
+../etc-factory.service

mkosi.extra/usr/lib/tmpfiles.d/etc.conf

@@ -2,69 +2,9 @@
 # SPDX-FileCopyrightText: none
 
 # WARNING: this file overwrites the etc.conf from systemd! This is intentional and required. Do not rename this file!
-# The rationale is that the etc.conf from systemd copies stuff, but we want to link things instead.
+# The rationale is that the etc.conf from systemd copies stuff, but we want more control over the process.
 
 L /etc/os-release - - - - ../usr/lib/os-release
 L+ /etc/mtab - - - - ../proc/self/mounts
 
-# Make sure sudo is set up so the command works and wheel has sudo access.
-L /etc/sudoers
-d /etc/sudoers.d/ 0750 root root - -
-L /etc/sudoers.d/10-installer
-
-# NOTE: the actual etc files live in /usr/share/factory and we simply link from there (as per tmpfiles.d docs)
-
-# Font configuration
-L /etc/fonts
-# Login message
-L /etc/issue
-# Name resolver
-L /etc/nsswitch.conf
-# Link configs individually. We do not want to link the directory because it is meant to contain the keys.
-L /etc/ssh/ssh_config
-L /etc/ssh/ssh_config.d
-L /etc/ssh/sshd_config
-L /etc/ssh/sshd_config.d
-# Desktop defaults and autostart desktop files
-L /etc/xdg
-
-# From etc.conf in particleos; reduced to our needs:
-L /etc/profile
-L /etc/profile.d
-# Required by pam_env plugin
-L /etc/security
-L? /etc/bashrc
-L? /etc/bash.bashrc
-L? /etc/bash.bash_logout
-# Canonical location to look for certificates
-L? /etc/ca-certificates
-L? /etc/crypto-policies
-L? /etc/pki
-L /etc/debuginfod
-# Canonical location to look for certificates
-L /etc/ssl
-# Required by pam environment plugin
-L /etc/environment
-# Configuration for ldconfig
-L /etc/ld.so.conf
-L /etc/ld.so.conf.d
-# Required by fwupd
-L /etc/fwupd
-# Required by Tuned; see https://github.com/redhat-performance/tuned/issues/798
-L /etc/tuned
-# Required by pam_shells to whitelist shells for use
-L /etc/shells
-# Required by apparmor (or by snapd, unclear, presented during snap install)
-L /etc/apparmor
-L /etc/apparmor.d
-# Without this groups aren't created on useradd. Though it's unclear why.
-L /etc/login.defs
-
-# Avahi explodes if the configs aren't in /etc
-d /etc/avahi/ 0755 root root - -
-L /etc/avahi/avahi-autoipd.action
-# Avahi also falls over if the config is not writable, so copy it.
-C /etc/avahi/avahi-daemon.conf 644 root root - -
-L /etc/avahi/avahi-dnsconfd.action
-L /etc/avahi/hosts
-d /etc/avahi/services 0755 root root - -
+# Prefer the etc-factory tool over adding things here.